When people think of fraud, they generally do not think of not-for-profit organizations (NPOs) as likely victims. However, a recent report by the Association of Certified Fraud Examiners (ACFE) indicated that approximately 10% of frauds occur in NPOs. The median loss for NPOs was approximately $100,000. And, while these figures are significant, I am concerned because I wonder if every fraud at a NPOs is actually reported to the authorities. The general feeling in the not-for-profit community is that many incidences of fraud are unreported.

Identifying the potential fraudster is not easy. ACFE statistics indicate that most employees (and others) who commit fraud are first-time offenders. This means that the typical background check for new hires will not highlight a potential threat. Seventy seven percent of the fraud is committed by people involved in one of the following areas: accounting, customer service, executive management, operations, purchasing or sales.

Billing scams are the most frequent not-for-profit frauds followed by check tampering and fictitious expense reimbursement. One of the reasons why these schemes are most popular is because the fraudster does not have to physically take cash to perpetuate the fraud and receive an economic benefit.

What is it that makes the NPO especially vulnerable to fraud? The primary reason appears to be trust. NPOs tend to confer a higher level of trust in executive leaders, trustees and founders and even among rank and file employees. Blind trust is an invitation to management override of well-designed control systems or worse, the failure to even implement well-designed control systems.

Lack of sufficient oversight is the next vulnerability that exists. Many organizations, especially the small and medium size charities, may have volunteer boards that lack the skills, training or time to provide adequate financial oversight. Frequently boards lean toward mission oriented volunteers at the expense of volunteers with more general business training and skills. Operational budgets often experience fiscal pressures which translate into fewer workers engaged in more jobs leaving key functions like finance, bookkeeping and accounting duties concentrated in the hands of only a few individuals. This makes segregation of duties a challenging task.

To minimize your exposure to fraud risk consider the following:

Create a control environment. Senior leadership can help reduce potential fraud activity by setting clear ethical boundaries and demonstrating consequences for behavior outside of those areas. Unreported frauds are just an invitation to additional larger issues down the line.

Perform a risk assessment. This should begin with a candid discussion of existing anti fraud programs and controls followed by an evaluation of potential internal and external fraud risks. This exercise should also include an assessment of the likelihood of the various fraud risk scenarios and a consideration of how each could affect the organization.
 
Implement control activities. These are the policies and procedures that help ensure that management directives are carried out. Basic control activities include limiting physical access to valuable assets. Supervisory control activities include management reviews and spot checks, enforcing segregation of duties and reconciliation of accounts on a regular basis.

Communicate and inform. Steps taken to control fraud should be clearly communicated to employees, customers and others. This reinforces a strong tone of control at the top and encourages reporting of suspicious activity or other fraud.

Implement a monitoring program. All control activities should be monitored to assure that they are in place and functioning on a day-to-day basis. Monitoring also includes a regular re-assessment of activities in place and re-assessment of risks in order to react timely to changes.

Reducing fraud in a not-for-profit organization first entails recognizing its potential and then reacting to that potential. Every organization should implement a fraud prevention program and have a series of internal controls to limit any possible fraudulent activity. For more information on developing internal controls to reduce fraud in you organization, contact a Certified Fraud Examiner.